How SAF And TSS Are Initialized At IPL Time
search cancel

How SAF And TSS Are Initialized At IPL Time

book

Article ID: 48671

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

At IPL time messages, TSS2000I, TSS2001I and CAS2031I are issued and Top Secret has not started yet.

What makes those messages bet issued?
Does TSS fully activate after those messages are issued?

Resolution

To answer to those questions, a review of the z/OS IPL phases is needed:

The IPL (Initial Program Load) phases are mainly:

The hardware process of loading z/OS, the HARDWARE IPL.

The loading and initialization of the nucleus, the IPL RIMs. (Resource Initialization Module)

The initialization of general system resources, the NIP RIMs. (Nucleus Initialization Phase)

Master Scheduler Initialization, the MSI initialization

JES initialization

 A closer look at MSI is needed because it's during this phase that the z/OS security is started.

  1. Initialize MIH services

  2. Complete ASM initialization

  3. Initialize IOS dynamic pathing, create IOSAS

  4. Initialize Master's security environment

  5. Initialize Console attributes, DEL=RD etc.

  6. Initialize APPC services

  7. Initialize TSO services

  8. Initialize LOGREC Logstream recording

  9. Enable ENF services

  10. Initialize System Logger services, creates IXGLOG address space

  11. Vary all available CPs online

  12. Initialize SMF services, creates SMF address space

  13. Issue commands in IEACMD00 and COMMNDxx parmlib members

  14. Initialize RTM services

  15. Initialize System security processing

  16. Build defined subsystems

    Issue START for primary JES subsystem, if requested

  17. Hold primary JES STC and TSO processing

  18. Indicate MSI is complete

  19. Initialize Master command processing

  20. Issue command processing available message

  21. Allow pending address space creates (not done by Master) to complete

  22. Wait for JES to indicate primary services are available.

All IPL processing is now complete.

When security is started, modules ICHSEC00, ICHSEC05, ICHSCDMY are involved. All are aliases of SAFRTSEC and must reside in LPA.

Module SAFRTSEC:

  1. Initializes the SAF and issues the CAS2031 message.

  2. Calls module TSSMSIM which initializes the security for TSS and writes the TSS2000I and TSS2001I:

    TSS2000I CA TOP SECRET MSTR INITIALIZATION IN PROGRESS
    TSS2001I CA TOP SECRET MSTR INITIALIZATION COMPLETE
    CAS2031I CA SAF interface initialization complete

When all is done, TSS is ready to be started and security is fully available when TSS is up and running.

Powered by Wolken Software